Another turbulent week with several significant security incidents lies behind us: two third-party developers of Facebook apps stored more than 540 million records of Facebook users publicly accessible on Amazon cloud servers, and Bayer AG announced that it has become the target of potential digital industrial espionage. Cases like these are no longer unusual – a simple encryption solution would have been an uncomplicated solution in both of them.
Personal data in the cloud must be protected from unauthorized access – data protection laws around the world make this point very clear. The developers of two Facebook apps still have some catching up to do in this regard. In the first of two cases, app developers stored 146 GB of user data publicly accessible on Amazon cloud servers – account names as well as comments, likes, and reactions. The exact number of people affected is not yet clear; a total of 540 million data sets are affected. The developers of a second app straight up saved the passwords of 22,000 users in plain text in the Amazon cloud. Both cases are unacceptable from a data protection point of view – especially when encryption solutions for cloud data are as easy to implement as they are today. eperi offers encryption solutions specialized for cloud storage that work without changes to target systems and unnoticed by end users. Installed within a day, they ensure that no sensitive data is readable in the cloud.
In other news this week, the international pharmaceutical and chemical giant Bayer experienced how important the encryption of sensitive data and correct user rights management are. The Dax company announced that it had been spied on digitally by the so-called "Winnti" Group for some time. According to media reports, it may have been state-controlled industrial espionage.
The German Federal Office for Information Security is currently warning of a tense high threat situation for the entire German economy. In recent months, "Winnti" attacks have been detected in at least three medium-sized German companies. Bayer confirmed that highly professional malware had been smuggled in on one or more computers, particularly systems that interface between the intranet and the Internet.
In the era of cloud applications, industrial espionage has become a problem that hardly any company can hide from anymore. The more companies share their intellectual property, the crown jewels of every company, across different locations and regions, the more important it becomes who has access to this data and how access can be controlled.
The simplest and most effective state of the art solution for this is called in-house encryption, which you can manage yourself. Sensitive data should only be accessible to users who actually use it. Outside a secure environment defined by the company, on the other hand, this data should always be encrypted and thus stored illegibly. Even administrators should not have read access if they do not belong to the secure environment. This allows companies to significantly reduce the number of potential attack vectors for espionage and at the same time ensure compliance with strict data protection laws. eperi offers a wide range of encryption solutions for applications such as Office 365 or Salesforce, databases and files in order to optimally protect sensitive data in transit, at rest and in use.